Key compliance news from Facebook's first CCO, UAE AML blacklist, CD Projekt cyberattack, TikTok GDPR breaches and Covid phishing to Apple competition.
Our pick of key compliance stories this month
- Facebook hires first chief compliance officer
- UAE threatened with blacklist over money laundering & terror financing
- CD Projekt hit by cyberattack
- Former Goldman Sachs analyst charged with insider dealing
- Construction company & client fined over unsafe removal of asbestos
- TikTok facing serious GDPR breaches
- Cancer centre boss £23k unfair dismissal award
- Anti-fraud Santander bank worker jailed for customer fraud
- COVID-19 phishing scam spoofs NHS email
- Epic Games files EU competition complaint against Apple
Facebook hires first chief compliance officer
In the face of intensive regulatory pressure concerning its business practices, Henry Moniz has been hired as Facebook's first chief compliance officer. The social media giant is currently battling against numerous allegations, lawsuits and investigations.
The US Federal Trade Commission along with a large group of state attorneys general filed lawsuits against Facebook alleging violations of antitrust law. Facebook has been accused of using its market position to destroy up-and-coming rivals by copying their features or pressuring them into being acquired.
Privacy scandals have also blighted the company’s image. A recent update to WhatsApp, the Facebook-owned messaging app, turned into a PR nightmare when users misconstrued a privacy update and believed that Facebook would have the right and ability to read their personal messages.
UAE threatened with blacklist over money laundering & terror financing
The European Commission has threatened to place the United Arab Emirates on the EU's anti-money laundering and counter-terrorist financing list if it has not made significant progress in the fight against money laundering and terror financing by June 2021.
A recent report by the Carnegie Endowment for International Peace describes Dubai as an 'attractive destination for dirty money'.
The report also stated: 'Corrupt and criminal actors from around the world operate through or from Dubai. Afghan warlords, Russian mobsters, Nigerian kleptocrats, European money launderers, Iranian sanctions-busters, and East African gold smugglers'.
As the Middle Eastern state looks to shed its reputation as a financial crime hotspot, the UAE’s central bank has responded by fining 11 banks a combined total of $12.5m for anti-money laundering (AML) failings.
- Conduct initial and ongoing client due diligence using a risk-based approach.
- Look out for unusual or suspicious customers or transactions. Pay particular attention to high-risk customers and jurisdictions.
- Report any knowledge or suspicion of money laundering or terrorist financing to your MLRO immediately.
- Contact your MLRO if you learn that a customer has become a politically-exposed person, or is reported to be linked with any criminal activity or subject to sanctions.
- Exercise extreme care to avoid tipping off anyone who has been reported for money laundering or terrorist financing.
CD Projekt hit by cyberattack
Video game developer CD Projekt was hit with a cyberattack, resulting in its servers being encrypted and the source code of its games being sold on the dark web.
'Although some devices in our network have been encrypted, our backups remain intact', CD Projekt said on Twitter. 'We have already secured our IT infrastructure and begun restoring the data.'
CD Projekt said it doesn’t believe the compromised systems contained any personal data. The company said it has contacted law enforcement and Jan Nowak, the president of Poland’s Personal Data Protection Office (UODO), as well as IT forensics investigators.
News of the cyberattack has seen shares of CD Projekt sink 5.5%.
- Be extra vigilant - remember that having access to corporate networks and data makes you a target for cyber criminals.
- Be cautious and even cynical about offers, demands and messages that are designed to arouse curiosity, anxiety or fears.
- Treat all unsolicited or unexpected requests with caution - challenge anything that is unusual or suspicious.
Former Goldman Sachs analyst & brother charged with insider dealing
A former Goldman Sachs analyst was charged with six offences of insider dealing and three offences of fraud by false representation.
Mohammed Zina and his brother are accused of making a profit of about £142,000 from insider dealing in shares of companies including Arm Holdings and Punch Taverns in 2016 and 2017, according to the Financial Conduct Authority (FCA).
The pair are also accused of three counts of fraud related to loans totalling £95,000 taken out from Tesco Bank. The brothers allegedly told the bank they intended to use the funds for home improvements, when the loans are said to have been used to fund their scheme.
The case was sent to Southwark crown court for a plea and trial preparation hearing on 16 March 2021. The pair face a fine and/or up to 10 years’ imprisonment. Insider dealing is punishable by a fine and/or up to seven years’ imprisonment.
- Be clear about what is sensitive non-public information and what isn't.
- Never disclose non-public information to outsiders.
- Don't make recommendations or induce others to deal while in possession of inside information.
- During the recruitment stage, probe and document the work history of candidates.
Construction company & client fined over unsafe removal of asbestos
Samer Constructions Ltd and its customer Swift Property Management MCR have both been fined after failing to manage asbestos safely during a refurbishment of a former office block in Stockport.
The construction company was hired to refurbish a property in Hazel Grove, Stockport. However, materials containing asbestos, along with general waste, were discarded from the property and spread across the roof of a one-storey part of the block. Some of the materials had also fallen onto a car park area below that was not segregated from passing members of the public.
The HSE found that Samer Constructions failed in its duty to identify whether a survey had been undertaken and went ahead with the work 'in a reckless manner', resulting in two employees being exposed to asbestos fibres.
Swift Property Management pleaded guilty to breaching sections 2(1) and 3(1) of the Health and Safety at Work etc. Act 1974. It was fined £25,000 and ordered to pay costs of £3,428.
Samer Constructions Ltd pleaded guilty to breaching sections 2(1) and 3(1) of the Health and Safety at Work etc. Act 1974. It was fined £12,000 and ordered to pay costs of £3,428.
- Remember that steps must be put in place to protect workers from exposure to asbestos fibres.
- Ensure you find out if there are any asbestos materials where work is to be carried out.
- Assess the risk presented by any asbestos materials and make a plan to manage that risk accordingly.
- Don't remove asbestos unnecessarily - sometimes leaving it in situ is safer.
TikTok facing GDPR charges
TikTok has been accused of breaching GDPR rules by the European Consumer Organization (BEUC).
A complaint filed with the European Commission argues that the video-sharing social network misleads users regarding the type of personal data it collects.
The BEUC commented: 'We have brought our data protection findings to the attention of Data Protection Authorities in the context of their ongoing investigations into the company'.
They have also called on TikTok to 'respect its users’ privacy and data protection rights. It should ensure that its policies respect all the obligations under EU data protection law. Data collection, profiling and targeted advertising for all users below 18 should be severely restricted'.
The BEUC argues that several terms in TikTok’s user agreement are unclear and unfair. It also argues that TikTok's ability to modify the exchange rate between in-app coins and virtual gifts on the platform is unfairly biased against the consumer.
Cancer centre boss awarded £23k by unfair dismissal tribunal
An employment tribunal awarded nearly £23k to a former manager of Maggie's Cancer Centre in Manchester after finding she was dismissed unfairly by her employer.
The tribunal heard that in the summer of 2019, Sinead Collins' then line manager gave her an annual performance review rating of 45/50 - considered to be a 'strong' performance.
However, just months later, in autumn 2019, a new line manager placed Miss Collins on 'performance management'. There was no formal performance plan, no targets and no written record of the 'problems' with her work.
In February 2020, there was a development review meeting between Miss Collins and her manager, who commented that she did not feel the Manchester Centre was 'in good hands'. The claimant believed her boss was 'pushing her to resign'.
- Ensure that your reasons for dismissal are entirely fair - be aware that some reasons for dismissal are automatically classed as unfair, such as reasons relating to pregnancy or parental leave.
- Make sure you follow a fair disciplinary procedure, carrying out a thorough investigation.
- Take detailed notes and make sure you follow up meetings in writing.
- Treat all employees consistently.
Santander anti-fraud worker jailed for customer fraud
A member of Santander’s anti-fraud team was jailed for selling customers' details in a £90,000 scam.
Bilal Abbas sold the information to Umair Memon, who then used it to purchase luxury goods by telephone under a fake name. The transactions would be flagged as fraudulent and cancelled several days later, leaving businesses 'out of pocket', Northumbria Police said.
Detective Constable Patrick Naughten said it was a 'large-scale scam' and that Abbas 'abused a position of trust'.
He said: "It became clear they had been living the high life at the expense of their victims and showed no remorse for those businesses they had left out of pocket."
COVID-19 phishing scam spoofs NHS vaccine email
Security experts are warning of a new COVID-19 vaccine phishing scam, this time using NHS-branded emails to trick users into handing over their personal and financial details.
This scam informs recipients they have been selected for a jab based on family and medical history, using the trusted brand of the Health Service and the promise of protection from the deadly virus to socially engineer victims.
Information including name, date of birth and credit card details handed over by any unsuspecting recipients can then be sold on the dark web and/or used in follow-on fraud, according to Mimecast.
Mimecast's Head of e-crime, Carl Wearn, states that the pandemic is forcing organized crime groups to find new ways to make money.
'The majority of online scams rely on some form of human error, as it is far easier to compromise a single user than a whole system. Threat actors know this well and are continuing to exploit the human factor by tailoring scams to target current events and the fears of their victims', he added.
- Be aware of the signs of phishing and do not open malicious emails.
- Do not select links or open documents, even from known sources, if you suspect the message might be a phishing scam.
- Report any malicious emails to an IT administrator.
Epic Games EU competition complaint against Apple
Epic Games has filed an EU antitrust complaint against Apple, ratcheting up its battle with the tech giant over app store payments.
The two companies have been locked in a dispute since August, when Epic launched its own in-app payment system in a bid to sidestep Apple’s 30 per cent commission on some in-app purchases.
The move prompted the iPhone maker to kick Epic’s Fortnite game off the app store and pull the company’s developer licence.
In the complaint filed today, Epic accused Apple of setting up a “series of carefully designed anti-competitive restrictions”, adding that the tech giant had “not just harmed but completely eliminated competition in app distribution and payment processes”.
- Don't discuss or enter agreements with competitors regarding prices, production volumes, intended bids, or agree to share markets or customers.
- Don't place price, territorial or online sales restrictions on suppliers or distributors.
- Never act in a way that restricts competition in any market where your company has a dominant position.
- Never discuss commercially-sensitive information, such as future pricing plans and promotions with competitors or suppliers, or discuss RRPs with retailers.
- Report any suspicion or violation of competition law to the appropriate authorities immediately.